Vulnerabilities > CVE-2017-17738 - Unspecified vulnerability in Brightsign 4K242 Firmware

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
brightsign
exploit available

Summary

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.

Vulnerable Configurations

Part Description Count
OS
Brightsign
1
Hardware
Brightsign
1

Exploit-Db

descriptionBrightSign Digital Signage - Multiple Vulnerablities. CVE-2017-17737,CVE-2017-17738,CVE-2017-17739. Webapps exploit for Hardware platform
fileexploits/hardware/webapps/43364.txt
idEDB-ID:43364
last seen2017-12-19
modified2017-12-19
platformhardware
port
published2017-12-19
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/43364/
titleBrightSign Digital Signage - Multiple Vulnerablities
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/145489/brightsignds-xsstraversalupload.txt
idPACKETSTORM:145489
last seen2017-12-19
published2017-12-19
reportersingularitysec
sourcehttps://packetstormsecurity.com/files/145489/BrightSign-Digital-Signage-XSS-Traversal-File-Upload.html
titleBrightSign Digital Signage XSS / Traversal / File Upload